Re: [mpls] Adoption of draft-shen-mpls-egress-protection-framework

Yimin Shen <> Fri, 08 September 2017 19:22 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 71864126DD9; Fri, 8 Sep 2017 12:22:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.011
X-Spam-Status: No, score=-3.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bIiepggGSo9B; Fri, 8 Sep 2017 12:22:56 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CC5331320C9; Fri, 8 Sep 2017 12:22:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fttEbBZ4c5xz8SuSawN+4X4CvF6YlbFyUiXsXsnKSko=; b=PyG2Lfrg7r0NpfnGpfdEtGi6vPVS9XM/9V1fkX3/SkQP5uvhpfcUd925CqqgpVo48T4gRe93CjafCznEiyAeQsEzk0bgUfsUmllB15wk9JUesSUbkLAqGJ3Tonmrm6ymOVKid+9sRuiD2ZjrTJOHR7GxlYrQCQYL1f3xmzqBc9w=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id; Fri, 8 Sep 2017 19:22:53 +0000
Received: from ([]) by ([]) with mapi id 15.20.0056.003; Fri, 8 Sep 2017 19:22:53 +0000
From: Yimin Shen <>
To: Alexander Vainshtein <>, "" <>
CC: "" <>, Stewart Bryant <>
Thread-Topic: Adoption of draft-shen-mpls-egress-protection-framework
Thread-Index: AdMn4OLyXKADRfUKRCC1lUEYeszmrQA1XPmA
Date: Fri, 8 Sep 2017 19:22:53 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN3PR0501MB1315; 6:hPtbx3+6OHiVIvEwAsk1nBQqV8F4RP0f6NT9zYyxWtMUUyckm7zYHt8pWSQgPttcMcorBajUVNhRbyE7pkgw3DIonBA9xt2jwYOQwURGpCB4XJ16kBZwit+OoUuHc3/fFt7pSQV6BWoQtGgRrck4NvV7sR9mBqFonRy/ymdmYS4aTEnlA3KuCBDbFNsAxU2VkBUkGA1JNIEXtsoOI0a+L+n1lXFQLypKlEgsc74GwnNJJN2vzFnI6yZSCJsMcDhK5fnIQWI3nPLfntSvFKnmJMJbf+a+OHPDnz80iPNC+qU+OMVeX6Y2qahgyR9NqPyV9ttprqXVfxTM44IE73sOfQ==; 5:q/2cw2sKI6ljQz/IUkyWp2GHXX7jsU01D987Ow1XMthEXyjvYyvSafBc/nuhxaMsyVpKIC5sZV2ckqQ/jXdMTth0IpBuOmM20PRry68U8+oe7vlPxNqWfhfyvYSUJsrMKFSHtLCKIgWIP1LFhsUJ9A==; 24:gX3MNotyqt9yR5uX523R6jLZBFTOEDLrOs/f6/apWHcNRANM47BZHFEkYKVyi9H62Pt8rxv4qOgYkzAqgFABU4phvWjAvahqkPXzAIhntso=; 7:1S+C2JgcGJ68FkZmoeaCYEiwUY7yyFr8otCnz78nyB0Rp7OP2z8JfGQ1ku8/dpapbPF8FoRfAiBZVkMkatU/CSi5uS5EtpAwkH/6lgdfZzMArj9oZ2cNZ0EWFjHQKTDvxZVmn0M16X5MLDpMFtRZg7E/RzkZhDQGqte+L7aq5pCdR5PQ3i3ztJx65KBE9VgRqABwSFhUirjb5JmOZ+DRQOoRyHdspr6lst4Hr6N3W3k=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 2a19612a-7ebc-4ee5-16e9-08d4f6ef00b8
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BN3PR0501MB1315;
x-ms-traffictypediagnostic: BN3PR0501MB1315:
x-exchange-antispam-report-test: UriScan:(72170088055959)(279101305709854);
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123562025)(20161123555025)(20161123560025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN3PR0501MB1315; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN3PR0501MB1315;
x-forefront-prvs: 04244E0DC5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39860400002)(43784003)(51444003)(189002)(199003)(25786009)(14454004)(189998001)(54356999)(7736002)(76176999)(36756003)(305945005)(82746002)(105586002)(6506006)(68736007)(8676002)(6436002)(101416001)(2906002)(77096006)(8936002)(229853002)(81166006)(3660700001)(2950100002)(81156014)(3280700002)(2501003)(6486002)(4001350100001)(83716003)(97736004)(33656002)(106356001)(39060400002)(5660300001)(50986999)(230783001)(6246003)(53936002)(478600001)(6512007)(99286003)(3846002)(2900100001)(54906002)(86362001)(6116002)(4326008)(83506001)(102836003)(66066001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0501MB1315;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is );
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Sep 2017 19:22:53.4357 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0501MB1315
Archived-At: <>
Subject: Re: [mpls] Adoption of draft-shen-mpls-egress-protection-framework
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-Protocol Label Switching WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 08 Sep 2017 19:22:59 -0000

Hi Sasha,

Thanks for your detailed review, and kind suggestions and support for this draft!

Please see inline for our response, and we will incorporate these changes in the next revision.


Yimin Shen
Juniper Networks

Dear colleagues,

I’ve read the draft in question and I support its adoption as a WG document by the MPLS WG.

[yshen] Thanks again ! 

At the same time I have several issues with the current text that, from my POV, should be resolved as the document is progressed. I would like to emphasize that I do not see these issues as blockers for the document adoption.

Here is the list:

The Requirements Language:

I have seen several occurrences of mixed usage of the IETF capitalized “MUST” and the non-normative “must” in the same sentence or in multiple sentences forming (from my POV) a common context within the document. Gere are just two examples (offending words are highlighted):

·         In section 5.10: “The context ID must be advertised in such a manner that any egress-protected tunnels MUST have E as tailend, and any egress-protection bypass tunnels MUST have P as tailend while avoiding E”

·         In section 5.13: ”In order to achieve this, the protector MUST maintain such kind of service labels in dedicated label spaces on a per protected egress {E, P} basis, i.e. one label space for each egress router that it protects. Also, there must be a session of service label distribution protocol between each egress router and the protector”

I have also found at least one text fragment where the IETF capitalized “MUST” appears very close to a non-normative “should” making it very difficult to understand what is and what is not required (again, the offending words are highlighted):

·         In section 5.8: “The bypass tunnel MUST have the property that it should not be affected by any topology change caused by an egress node failure”

I have found at least one text fragment that looks to me like specification of OPTIONAL behavior, but the IETF capitalized “MAY” is not used:

·         In section 5.2: “In a case where a PLR does not have a fast and reliable mechanism to detect a node failure or distinguish between a link failure and a  node failure, it may conservatively treat a link failure as a node failure and trigger egress node protection”.

(Please note that the quoted fragments are just examples, and there may be more such fragments in the draft).

[yshen] Will go through the document and fix all the cases.

Last but not least, RFC 2119 is quoted in Section 2, but is not listed as a normative reference.

[yshen] Will fix this.

Egress Link Failure:

The draft proposes a common framework for local repair of both egress link failures and egress node failures. From mu POV, these two cases are different. In particular:

·         Local repair of egress link failures can be achieved by many different mechanisms, including some that do not require support of context-specific label spaces in the protector. One such mechanism is even mentioned as “Option 2” for egress link protection in Section 6 of the draft, and, AFAIK, similar mechanisms have been successfully deployed by some vendors.

[yshen] Yes, this draft does consider this kind of egress-link protection mechanisms, hence list them as an option in the above section. Will clarify this further.

·         While alternative reasonably fast mechanisms for repair of egress node failures exist (e.g., see Section 6.2.1 of the BGP PIC draft, these mechanisms are applied at the service ingress PE and therefore should be classified as global repair mechanisms). 

I think that clear differentiation between the two cases (with Informative reference to the BGP PIC draft etc.) would be most helpful.

[yshen] Sure. Will mention BGP PIC as an example of global repair (as it is driven by ingress routers), and refer to the relevant draft. 

Egress Node Failure:

·         The draft is somewhat vague about detection of egress node failure as opposed to detection of failure of the link between the penultimate LSR and the egress node. Section 5.2 only says that “All the local failure detection mechanisms used by PLRs in transit link/node protection are applicable to egress node failure detection” leaving it to the reader/implementer to guess whether some other methods (e.g., monitoring the state of a multi-hop IP BFD session between stable IP addresses owned by these two devices) can be used for reasonably fast and reliable detection of egress node failures.

·         One well-known method for reliable (but slow) detection of the node failure is to wait for IGP to converge and to check whether the node is still present in the updated LSDB. AFAIK, there are deployed BGP PIC implementations that use this method to trigger BGP Edge PIC repair. However, I believe that this method is definitely not suitable as a trigger for local repair mechanisms, and I think that the authors should clarify their position on this point, one way or another.

·         The draft states in section 5.2 that “In a case where a PLR does not have a fast and reliable mechanism to    detect a node failure or distinguish between a link failure and a node failure, it may conservatively treat a link failure as a node failure and trigger egress node protection”.  This leaves open the question  of the PLR that can reliably and reasonably fast differentiate between these two cases (link failure and egress failure). In particular, the draft should describe the possible modes of behavior that the user can select for the PLR, and the ways to avoid race conditions between multiple protection schemes being applied simultaneously.

[yshen] Good point!  For clarity, I will add a new section for failure detection, to list common detection methods and address applicability, like the following:
1)  If the PLR has reasonably fast mechanisms (i.e. faster than control plane failure detection) to detect and differentiate a link failure and an egress node failure, it may set up both link protection and egress node protection, and trigger one and only one protection upon a corresponding failure. There should be no race condition between the two protections.

2)  The PLR may have fast mechanisms to detect a link failure and an egress node failure, but cannot distinguish them. Or, the PLR may have a fast mechanism to detect a link failure only, but not an egress node failure. In these cases, the PLR has two options:

2.1) It may set up link protection only, and leave the egress node failure to global repair and control protocol convergence. 

2.2) It may set up egress node protection only, and treat a link failure as a trigger for the egress node protection. However, the assumption is that treating a link failure as an egress node failure should not have a negative impact on services. Otherwise, it should also set up link protection only, and leave the egress node failure to global repair and control protocol convergence.

 Context ID Visibility:

Section 5.10 discusses various ways in which reachability of the Context ID can be advertised in IGP, i.e., within a specific AS. But I have not found any mention of inter-AS visibility of the Context ID. As a consequence, it is not clear to me whether the framework defined in the draft is applicable to MPLS services that cross multiple AS, e.g., with inter-AS IP VPN option C. From my POV, if the draft is only applicable to intra-AS services, this should be explicitly stated in the document (preferably, in the Applicability Statement section). 

[yshen] Both inter-AS and inter-area are supported. We will describe how context IDs are propagated across multiple AS/areas. Essentially, a context ID is an IP address. Hence, its inter-AS/area visibility can be achieved in the same manner as that of a regular IP address.

The role of traffic engineering in setup of bypass tunnels:

The draft states that “any egress-protection bypass tunnels MUST have P as tailend while avoiding E” (Section 5.9).  It also states that “The bypass tunnel MUST have the property that it  should not be affected by any topology change caused by an egress node failure” (Section 5.8). These statements look to me as implicit requirements to use some traffic-engineering technique for setup of the bypass tunnels and should be clarified in the draft. In particular, from my POV addressing these requirements with LDP used for setup of the bypass tunnels as described in Section 5.11, item [2], is non-trivial and therefore deserves detailed explanation. Depending on the details, some references (e.g., references to RFC 5286 and RFC 7490), that currently appear as Informational, may have to be promoted to Normative.

[yshen] The path computation for a bypass tunnel does not necessarily require TE. All we need is an algorithm which can take an avoided node (i.e. the egress node, in this case) as a constraint. Of course, such kind of algorithm is commonly used for TE, but it should not be tied to TE by its nature. In the case of LDP, we can set up the bypass tunnel by using various LFA mechanisms, which are actually good non-TE examples of the kind of path computation algorithm.

Bypass tunnels and segment routing:

I may have missed something important, but it seems that the technique described in Section 5.11, item 4, is just a variation of the hierarchical LSP technique when the context segment is used as a single hop LSP on top of a bypass LSP set up using SR. If so, it makes sense to merge items 3 and 4 of Section 5.11.

[yshen] Agreed. Will combined them.

Hopefully these comments will be useful.





Office: +972-39266302

Cell:      +972-549266302

Email:   Alexander.Vainshtein at